spfister - EDIT 5370 - MODULE 9 - Policy Document


Stephen Pfister
EDIT-5370
Module 9 - Policy Document
April 28, 1019
Scenario
Kasasa is a software and marketing solutions provider for community banks and credit unions. Kasasa clients are insured by government agencies, FDIC and NCUA, and therefore must comply with all regulations and rules required by the federal government with regard to how we store and use data, as well as how we provide information to consumers. Proper security training is vital to ensure compliance by our staff and our clients.
The company is composed of all levels of professionals, including contract workers and interns, with nearly four hundred employees. Any person using equipment or software, or accessing any of the data shared with our company and clients, must complete online security training. The security training will take approximately six hours to complete and will consist of ten modules, each requiring that the learner pass a quiz at the end.
As a manager of the front end development team, I will work with the security team to develop a course that ensures that all of my team members have the security knowledge needed to meet the government's regulatory expectations of compliance.

Policy and Procedure Manual
Regulatory Subsystem
  1. The security course will be created for all teams within the organisation. Basic course content will be the same across all departments, but teams will have individually customized courses based on the data and information accessible given their role within the company. All employees must be aware of how to spot security risks when using technology.
  2. The Front End Developer course will include all of the required company information, as well as security information regarding content that is displayed on the website and information regarding accessing the content management that controls said content. Banking websites are susceptible to hacking and therefore the development team will need an extra level of security training to verify that consumers are able to safely browse the websites.
  3. The course will go over federally regulated compliance rules that must be followed when working in banking. These policies assure that consumers are safe from financial industry threats, including identity theft and phishing, and verify that they are protected against misleading information with regard to how their money is handled.
Course Subsystem
  1. All course information will be approved by department managers, team managers, the security team, the human resources team, and the compliance team. It is vital that all team members get an accurate education on security risks and guidelines, compliance rules, and government regulations.
  2. Team managers will verify that any data accessible by their team members is being accessed in a safe way that complies with all government rules and regulations. Data must be secure and handled with extreme care and safety.
  3. The course will be modified by the Front End Development Manager to verify that team members understand compliance rules when displaying account information on a website. Compliance must be followed in order to ensure that consumers are getting an accurate picture of how the account works, and how interest is calculated.
Student Subsystem
  1. The course content will cover all information that is required by security and government compliance as well as specialized information geared toward the team member's individual role. Contact information will be provided if a learner has any questions or concerns with the information covered in the course.
  2. The course will be accessible via the learner's web browser and will be secured by their company login. Employees will be required to log in with a Virtual Private Network if they are not logged into the office network.
  3. Courses will be self-service, allowing the team members to complete modules at their own pace. However, the course must be completed by the given deadline in order for the company to be in compliance with the government.
Logistical Subsystem
  1. Course content will be evaluated and updated yearly to ensure that all information is up-to-date, accurate and compliant.
  2. The course will be tested in all modern browsers in each of the operating systems used in the company to make sure that the information is accessible from any of the online devices provided by the company. Courses will require an audio/video player that will need to work in all modern browsers so that all team members can complete the course without having browser issues.
  3. As the team member completes each module, data will be stored on the company intranet, verifying that all employees have completed the training.
Accessibility
  1. Courses will be audio/video based by default, and the quizzes will be text-based. Team members will be required to view videos while listening to the audio, and then will read and answer questions at the end of the course.
  2. The videos will offer subtitling that displays all of the spoken audio, and a script will be available for download, to assist any team member that may need assistance with hearing the content. Any special assistance needed will be accommodated, and contact information will be provided at the beginning of the course.
  3. Audio assistance will be available to read any content that does not have voice-over by default, to assist any team members who may have a visual impairment. Any special assistance needed will be accommodated, and contact information will be provided at the beginning of the course.
